Configure global settings, HPEL inputs, and server log inputs for IBM WebSphere Application Server
Configuring your HPEL inputs and your file monitor inputs for your server log files requires for several steps. You can perform all of this configuration using configuration files.. You can use a deployment server for configuring the add-on on your forwarders or configure it directly on the forwarders using the configuration files.
Prerequisites:
- Ensure you have configured your IBM WebSphere application servers to enable logging for the logs you want to collect with the add-on as described in Configure IBM WebSphere to produce data for the Splunk Add-on for IBM WebSphere Application Server.
- If you are using a Universal Forwarder, you must be using Python version 3.7 or 3.9 to forward or collect HPEL logs.
- In the newer versions of the Splunk Universal Forwarder versions 9.x and above, the management port is not enabled by default, this is required for the IBM WebSphere Application Server add-on. To activate the management port in Splunk Universal Forwarder follow these steps:
- For Linux, add the following to
splunkforwarder/etc/system/local/server.conf
:
[httpServer]
mgmtMode = tcp
- In
splunkforwarder/etc/system/local/web.conf
, add the following (update the management port):
[settings]
mgmtHostPort = 127.0.0.1:8089
- For Windows, add the following to
SplunkUniversalForwarder\etc\system\local\server.conf
:
[general]
python.version=unspecified
Add the following line to set the PYTHONPATH of your Python installation in the .conf file:
SplunkUniversalForwarder\etc\splunk-launch.conf
PYTHONPATH= < path to your python installation>
Configure HPEL and server log inputs using configuration files
Follow these steps to configure your global settings and your HPEL and/or server log inputs using the configuration files.
Configure global settings and HPEL settings in local/ibm_was.conf
1. Copy $SPLUNK_HOME/etc/apps/Splunk_TA_ibm-was/default/ibm_was.conf
to $SPLUNK_HOME/etc/apps/Splunk_TA_ibm-was/local/
.
2. Provide the root installation directory of your IBM WebSphere application server for the argument was_install_dir
.
3. All other parameters are optional. Refer to the table for information about each one.
Section | Argument | Description | Default |
---|---|---|---|
Global settings | index
|
The index in which to store data collected with the Splunk Add-on for IBM WebSphere Application Server. | main |
was_install_dir
|
Required. The installation directory of your IBM WebSphere application server. On Windows, the WebSphere installation path should include all spaces. For example: C:\Program Files (x86)\IBM\WebSphere .
|
None | |
log_level
|
The logging verbosity for the the add-on. | INFO | |
HPEL settings | excluded_profiles
|
Profiles to exclude from HPEL data collection separated by commas. For example, MyProfile.*,OtherProfile. | None |
excluded_servers
|
Servers to exclude from HPEL data collection separated by commas specified in the format <Profile>:<ServerDir>. E.g., ProfileA:ServerA1,ProfileB:ServerB3 | None | |
start_date
|
HPEL logs start date (UTC) in "MM/dd/yy H:m:s:S" format. For example, 6/29/15 00:00:00:000. Note that you can configure this only before you enable the input for the first time. | 1 day ago | |
level
|
Set a single log level to collect from the HPEL log data. This argument overrides any values in min_level and max_level .
|
None | |
min_level
|
Set a minimum log level to collect from the HPEL log data. Ensure the min_level is set to a lower level than max_level to define a valid range.
|
INFO | |
max_level
|
Set a maximum log level to collect from the HPEL log data. Ensure the max_level is set to a higher level than min_level to define a valid range.
|
FATAL | |
duration
|
The collection interval for the HPEL input. | 60
|
4. To collect the data for this sourcetype you need to enable IBM WAS Input from either the UI or backend:
- From UI:
Data inputs > Splunk Add-on for IBM WebSphere Application Server > Enable 'was_data_input'.
- From Backend: You can enable this stanza from
$SPLUNK_HOME/etc/apps/Splunk_TA_ibm-was/local/inputs.conf > [ibm_was://was_data_input]
Configure the file monitoring stanzas for server logs in local/inputs.conf
From the version 5.0.0, we have provided default file monitoring stanzas for each sourcetype in default/inputs.conf. You can enable these stanzas in the local/inputs.conf to start the data collection. These default stanzas will leverage the WASHOME environment variable of an IBM WAS server for the file and directory path in them. Please note that we have provided separate stanzas for windows OS and "non" windows OSs because these OSs use different separators in their file paths. Examples:
Windows OS
[monitor://$WASHOME\...\derby.log]
crcSalt = SOURCE
followTail = 1
sourcetype = ibm:was:derby
disabled = true
index = default
Unix and Linux based OSs
[monitor://$WASHOME/.../derby.log]
crcSalt = SOURCE
followTail = 1
sourcetype = ibm:was:derby
disabled = true
index = default
In the local/inputs.conf, enable the stanzas as per your OS.
For example, when using Windows OS:
[monitor://$WASHOME\...\derby.log]
disabled = true
Make sure that the WASHOME environment variable is properly configured on the system having the IBM WAS server. For windows OS, set the variable in System Properties -> Environment Variables -> System Variables For other unix and linux based OS, set the variable in the .profile file on your system.
The setting followTail = 1
will let you skip over data in files, and immediately begin indexing current data, i.e. it will not ingest the already present data in files but will only ingest new data to those files after enabling the stanza.
Validate the inputs
To validate that all of the inputs you configured are working correctly, go to the Search and Reporting app and search for the source types listed on the source types page that match the inputs that you configured.
Configure JMX inputs for the Splunk Add-on for IBM WebSphere Application Server | Enable saved search for the Splunk Add-on for IBM WebSphere Application Server |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!